package org.apache.hive.hcatalog.templeton;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.spi.container.servlet.ServletContainer;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.logging.Handler;
import java.util.logging.LogManager;
import javax.servlet.DispatcherType;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hive.common.classification.InterfaceAudience;
import org.apache.hadoop.hive.common.classification.InterfaceStability;
import org.apache.hadoop.hive.conf.MapRKeystoreReader;
import org.apache.hadoop.hive.conf.MapRSecurityUtil;
import org.apache.hadoop.hive.shims.Utils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.util.GenericOptionsParser;
import org.apache.hive.http.CustomHeadersFilter;
import org.eclipse.jetty.rewrite.handler.RedirectPatternRule;
import org.eclipse.jetty.rewrite.handler.RewriteHandler;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.LowResourceMonitor;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.xml.XmlConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.bridge.SLF4JBridgeHandler;

@InterfaceAudience.LimitedPrivate({"Integration Tests"})
@InterfaceStability.Unstable
/* loaded from: input_file:org/apache/hive/hcatalog/templeton/Main.class */
public class Main {
    public static final String SERVLET_PATH = "templeton";
    private static final Logger LOG = LoggerFactory.getLogger(Main.class);
    public static final int DEFAULT_PORT = 8080;
    public static final String DEFAULT_HOST = "0.0.0.0";
    public static final String DEFAULT_SSL_PROTOCOL_BLACKLIST = "SSLv2,SSLv3";
    private org.eclipse.jetty.server.Server server;
    private static volatile AppConfig conf;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hive/hcatalog/templeton/Main$UserNameHandler.class */
    public static final class UserNameHandler {
        UserNameHandler() {
        }

        static void allowAnonymous(FilterHolder filterHolder) {
            filterHolder.setInitParameter("hadoop.http.authentication.simple.anonymous.allowed", "true");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static String getUserName(HttpServletRequest httpServletRequest) {
            if (UserGroupInformation.isSecurityEnabled() || !"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
                return null;
            }
            String parameter = httpServletRequest.getParameter("user.name");
            if (parameter != null) {
                Main.LOG.warn("user.name is sent as form parameter which is deprecated as of Hive 0.13.  Should send it in the query string.");
            }
            return parameter;
        }
    }

    public static synchronized AppConfig getAppConfigInstance() {
        if (conf == null) {
            LOG.error("Bug: configuration not yet loaded");
        }
        return conf;
    }

    Main(String[] strArr) {
        init(strArr);
    }

    public void init(String[] strArr) {
        initLogger();
        conf = loadConfig(strArr);
        conf.startCleanup();
        LOG.debug("Loaded conf " + conf);
    }

    private void initLogger() {
        java.util.logging.Logger logger = LogManager.getLogManager().getLogger("");
        for (Handler handler : logger.getHandlers()) {
            logger.removeHandler(handler);
        }
        SLF4JBridgeHandler.install();
    }

    public AppConfig loadConfig(String[] strArr) {
        AppConfig appConfig = new AppConfig();
        try {
            if (new GenericOptionsParser(appConfig, strArr).getRemainingArgs().length > 0) {
                usage();
            }
        } catch (IOException e) {
            LOG.error("Unable to parse options: " + e);
            usage();
        }
        return appConfig;
    }

    public void usage() {
        System.err.println("usage: templeton [-Dtempleton.port=N] [-D...]");
        System.exit(1);
    }

    public void run() {
        int i = conf.getInt(AppConfig.PORT, DEFAULT_PORT);
        try {
            checkEnv();
            runServer(i);
            int localPort = ArrayUtils.isEmpty(this.server.getConnectors()) ? -1 : this.server.getConnectors()[0].getLocalPort();
            System.out.println("templeton: listening on port " + localPort);
            LOG.info("Templeton listening on port " + localPort);
        } catch (Exception e) {
            System.err.println("templeton: Server failed to start: " + e.getMessage());
            LOG.error("Server failed to start: " + e, e);
            System.exit(1);
        }
    }

    void stop() {
        if (this.server != null) {
            try {
                this.server.stop();
            } catch (Exception e) {
                LOG.warn("Failed to stop jetty.Server", e);
            }
        }
    }

    private void checkEnv() {
        checkCurrentDirPermissions();
    }

    private void checkCurrentDirPermissions() {
        if (new File(".").exists()) {
            return;
        }
        System.err.println("Server failed to start: templeton: Current working directory '.' does not exist!");
        LOG.error("Server failed to start: templeton: Current working directory '.' does not exist!");
        System.exit(1);
    }

    public org.eclipse.jetty.server.Server runServer(int i) throws Exception {
        if (UserGroupInformation.isSecurityEnabled()) {
            UserGroupInformation.loginUserFromKeytab(SecurityUtil.getServerPrincipal(conf.kerberosPrincipal(), DEFAULT_HOST), conf.kerberosKeytab());
        }
        if (StringUtils.isEmpty(conf.jettyConfiguration())) {
            this.server = new org.eclipse.jetty.server.Server();
        } else {
            this.server = (org.eclipse.jetty.server.Server) new XmlConfiguration(new FileInputStream(conf.jettyConfiguration())).configure();
        }
        ServletContextHandler servletContextHandler = new ServletContextHandler(this.server, "/");
        FilterHolder makeAuthFilter = makeAuthFilter();
        EnumSet of = EnumSet.of(DispatcherType.REQUEST);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/ddl/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/pig/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/hive/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/sqoop/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/queue/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/jobs/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/mapreduce/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/status/*", of);
        servletContextHandler.addFilter(makeAuthFilter, "/templeton/v1/version/*", of);
        FilterHolder filterHolder = new FilterHolder(CustomHeadersFilter.class);
        filterHolder.setInitParameter("jetty.custom.headers.file.location", getAppConfigInstance().headersFile());
        servletContextHandler.addFilter(filterHolder, "/templeton/*", of);
        if (conf.getBoolean(AppConfig.XSRF_FILTER_ENABLED, false)) {
            servletContextHandler.addFilter(makeXSRFFilter(), "/templeton/*", of);
            LOG.debug("XSRF filter enabled");
        } else {
            LOG.warn("XSRF filter disabled");
        }
        servletContextHandler.addServlet(new ServletHolder(new ServletContainer(makeJerseyConfig())), "/templeton/*");
        addRedirects(this.server);
        LowResourceMonitor lowResourceMonitor = new LowResourceMonitor(this.server);
        lowResourceMonitor.setLowResourcesIdleTimeout(10000);
        this.server.addBean(lowResourceMonitor);
        this.server.addConnector(createChannelConnector());
        this.server.start();
        return this.server;
    }

    private Connector createChannelConnector() throws IOException {
        ServerConnector serverConnector;
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setRequestHeaderSize(65536);
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
        if (conf.getBoolean(AppConfig.USE_SSL, false)) {
            LOG.info("Using SSL for templeton.");
            SslContextFactory sslContextFactory = new SslContextFactory();
            initializeMapRSll(sslContextFactory);
            HashSet newHashSet = Sets.newHashSet(Splitter.on(",").trimResults().omitEmptyStrings().split(Strings.nullToEmpty(conf.get(AppConfig.SSL_PROTOCOL_BLACKLIST, DEFAULT_SSL_PROTOCOL_BLACKLIST))));
            sslContextFactory.addExcludeProtocols((String[]) newHashSet.toArray(new String[newHashSet.size()]));
            String sslProtocolVersion = MapRSecurityUtil.getSslProtocolVersion();
            String clientKeystoreLocation = MapRKeystoreReader.getClientKeystoreLocation();
            String clientKeystorePassword = MapRKeystoreReader.getClientKeystorePassword();
            sslContextFactory.setProtocol(sslProtocolVersion);
            sslContextFactory.setKeyStorePath(clientKeystoreLocation);
            sslContextFactory.setKeyStorePassword(clientKeystorePassword);
            LOG.info(String.format("Current SSL protocol version is %s", sslProtocolVersion));
            serverConnector = new ServerConnector(this.server, sslContextFactory, new ConnectionFactory[]{httpConnectionFactory});
        } else {
            serverConnector = new ServerConnector(this.server, new ConnectionFactory[]{httpConnectionFactory});
        }
        serverConnector.setReuseAddress(true);
        serverConnector.setHost(conf.get(AppConfig.HOST, DEFAULT_HOST));
        serverConnector.setPort(conf.getInt(AppConfig.PORT, DEFAULT_PORT));
        return serverConnector;
    }

    private static void initializeMapRSll(SslContextFactory sslContextFactory) throws IOException {
        if (MapRSecurityUtil.isMapRSecurityEnabled()) {
            configureSsl(sslContextFactory);
        }
    }

    private static void configureSsl(SslContextFactory sslContextFactory) throws IOException {
        if (conf.get(AppConfig.KEY_STORE_PATH) == null || conf.get(AppConfig.KEY_STORE_PATH).isEmpty()) {
            sslContextFactory.setKeyStorePath(MapRKeystoreReader.getClientKeystoreLocation());
        } else {
            sslContextFactory.setKeyStorePath(conf.get(AppConfig.KEY_STORE_PATH));
        }
        if (conf.getPassword(AppConfig.KEY_STORE_PASSWORD) == null) {
            sslContextFactory.setKeyStorePassword(MapRKeystoreReader.getClientKeystorePassword());
        } else {
            sslContextFactory.setKeyStorePassword(new String(conf.getPassword(AppConfig.KEY_STORE_PASSWORD)));
        }
    }

    public FilterHolder makeXSRFFilter() {
        FilterHolder filterHolder = new FilterHolder(Utils.getXSRFFilter());
        if (0 != 0) {
            filterHolder.setInitParameter("custom-header", (String) null);
        }
        if (0 != 0) {
            filterHolder.setInitParameter("methods-to-ignore", (String) null);
        }
        return filterHolder;
    }

    public FilterHolder makeAuthFilter() {
        FilterHolder filterHolder = new FilterHolder(AuthenticationFilter.class);
        filterHolder.setInitParameter("config.prefix", "hadoop.http.authentication");
        UserNameHandler.allowAnonymous(filterHolder);
        if (UserGroupInformation.isSecurityEnabled()) {
            filterHolder.setInitParameter("hadoop.http.authentication.type", "org.apache.hadoop.security.authentication.server.MultiMechsAuthenticationHandler");
            filterHolder.setInitParameter("hadoop.http.authentication.signature.secret", "com.mapr.security.maprauth.MaprSignatureSecretFactory");
            if (conf.kerberosPrincipal() != null) {
                filterHolder.setInitParameter("hadoop.http.authentication.kerberos.principal", conf.kerberosPrincipal());
            }
            if (conf.kerberosKeytab() != null) {
                filterHolder.setInitParameter("hadoop.http.authentication.kerberos.keytab", conf.kerberosKeytab());
            }
        } else {
            filterHolder.setInitParameter("hadoop.http.authentication.type", "simple");
        }
        return filterHolder;
    }

    public PackagesResourceConfig makeJerseyConfig() {
        PackagesResourceConfig packagesResourceConfig = new PackagesResourceConfig(new String[]{"org.apache.hive.hcatalog.templeton"});
        HashMap hashMap = new HashMap();
        hashMap.put("com.sun.jersey.api.json.POJOMappingFeature", "true");
        hashMap.put("com.sun.jersey.config.property.WadlGeneratorConfig", "org.apache.hive.hcatalog.templeton.WadlConfig");
        packagesResourceConfig.setPropertiesAndFeatures(hashMap);
        return packagesResourceConfig;
    }

    public void addRedirects(org.eclipse.jetty.server.Server server) {
        RewriteHandler rewriteHandler = new RewriteHandler();
        RedirectPatternRule redirectPatternRule = new RedirectPatternRule();
        redirectPatternRule.setPattern("/templeton/v1/application.wadl");
        redirectPatternRule.setLocation("/templeton/application.wadl");
        rewriteHandler.addRule(redirectPatternRule);
        HandlerList handlerList = new HandlerList();
        ArrayList arrayList = new ArrayList();
        arrayList.add(rewriteHandler);
        for (org.eclipse.jetty.server.Handler handler : server.getHandlers()) {
            arrayList.add(handler);
        }
        handlerList.setHandlers((org.eclipse.jetty.server.Handler[]) arrayList.toArray(new org.eclipse.jetty.server.Handler[arrayList.size()]));
        server.setHandler(handlerList);
    }

    public static void main(String[] strArr) {
        new Main(strArr).run();
    }
}
